The smartest way to stay unaffected by ransomware? Backup!

Here at Emsisoft, we know that ransomware is now the most consistently problematic type of malware to effect internet capable devices and businesses. As a security software vendor you might expect that with this blog post we would try to sell you our product as the ultimate solution against ransomware. A quality anti-malware program is vital. Our software in fact is specialized in finding and blocking ransomware, but there is one additional layer of protection you need to consider.

What would you do if an attacker gained admin access to your computer and disabled your antivirus/anti-malware software? They have cleared the way to load the encryption part of their ransomware onto your machine and now your data is lost to you. Anti-malware software detects malicious files very well, but it can’t prevent you from opening your doors to invite the bad guys in.

In the recent past our lab has dealt with many ransomware victims who’s computers were infected manually by using leaks in old, non-patched software to get admin access. So you should always have a Plan B at hand. If someone manages to disable your protection software, you need to have a backup.

Firstly, what is ransomware?

An exploitative crime, ransomware is a kind of malware that encrypts your personal data or locks your entire PC. If infected you will be asked to pay a “ransom” via an anonymous service (such as a Bitcoin page) in order to unlock your computer and free your data.
Ransomware makes up a huge part of today’s active threats as it turned out to be one of the easiest and highest income earners for attackers. All other malware makes its developers money indirectly (by using or selling your computer power), but ransomware directly asks you (the victim) for cash by putting you in a situation in which you feel forced to pay.

The key to protecting your data from a ransomware attack lies with preparedness.

It’s all about Plan B

If you have all of your data stored somewhere else, uninfected, a ransomware attack will not be such a problem for you. In fact, in most cases you will only need to wipe your computer and start again. By keeping an updated backup, you can reinstall your operating systems, programs and personal data. This applies to businesses too. If a daily backup becomes part of your daily closing procedure, customer databases, accounts and book-keeping files will always be up-to-date in case of emergency.

What should I backup?

Let’s start with the most important. First and foremost, you need to back up your personal files. Your personal data is irreplaceable. Think of it this way. If your house was burning down, aside from your loved ones, what would you want to save?
Backup any personal documents such as copies of birth certificates or saved bank statements. Your photos, home videos, and any other data such as your work files should be backed up regularly. Those can never be replaced. If you’ve spent hours ripping audio CDs to build your dream MP3 library, you may want to back those files up too.
Your operating system, programs, and other settings should also be backed up. Though it’s not necessary, it can make your life easier if your entire hard drive fails. Particularly if, like me, you are the type of person that likes to play around with program files, regularly update your hardware and run partitions for linux, having a full system image backup may be very useful for you.
Since ransomware also targets corporate users, customer information systems and databases should be backed up regularly.

Backup Options

Before choosing a backup option, the first and most important step is to take some time to properly label and organize your files into well-named and easy to follow directories. If it gets too overwhelming, try starting it on paper.

Seagate offers excellent advice on how to organize your files with a back-up master plan. Decide on the frequency with which you will back up, then consider what your best backup option is.

External hard drives are a good option as the drive can be kept physically separate to your machine and can be locked away for safe keeping. However, external hard drives only work as a backup option if the device is kept physically disconnected from the machine. If it remains plugged in, it is as susceptible to ransomware as the hard disk of your computer. So, keep your backup separate. Keep it updated. And consider encrypting both your computer’s hard disk and the portable hard drive. We explore the benefits of file encryption here.

Backing up online with a cloud service like CrashPlan can be an excellent option to protect against natural disaster, fire or any other kind of physical threat to your data.

CrashPlan is a reputable online backup service with equally popular competitors such as BackBlaze,Carbonite and MozyHome. These programs will run in the background, updating your files in the programs web storage. Keep in mind this option usually requires a monthly fee and the first backup can take quite a long time, particularly if you have a lot of data.

Cloud safety is becoming more and more undermined by cybercriminals who, rather than hacking computers directly, hack the main servers of cloud services. This means your data could still be held to ransom, just on a much larger scale among thousands of other users.

So, when considering an online backup option, look carefully for a service that supports revisioning where old versions of files are kept and are accessible if your backup files are also infected with ransomware. This table compares online backup options based on the different features they offer. If you choose an option that does not support revisioning, please ensure the service does not remain constantly connected to your main computer as even these files can be corrupted. With no alternative versions of your files, you will still lose your data.

By regularly updating with revisioning, all versions will be more recent and your loss can be minimised drastically. If ransomware changes the most recent backup, older versions should remain unchanged.

If infected, take every possible step to avoid paying. Every bitcoin in the hands of a cybercriminal increases the profitability and spread of this kind of malware. Emsisoft does not profit from emergencies. If you ever have a problem, please contact us.